How to install plugins behind a proxy with a self-signed certificate? #155

Closed
ywmail opened this issue Nov 19, 2015 · 54 comments
Labels
help wanted Issues identified as good community contribution opportunities on-testplan verified Verification succeeded

@ywmail

ywmail commented Nov 19, 2015

I'm using VS Code behind a proxy with a self-signed certificate. When I try to install plugins by typing "ext install ", it shows an error: "unable to verify the first certificate".

@ywmail ywmail changed the title How to install plugins behind a proxy with a self-signed certificate and requires authentication? How to install plugins behind a proxy with a self-signed certificate? Nov 19, 2015
@FloMaetschke

Same problem here.

@joaomoreno
Member

Duplicate of #69

@iamzhout

Suggest referencing Atom's implementation, by using strict-ssl = false
https://atom.io/docs/v1.0.0/getting-started-installing-atom#setting-up-a-proxy

@joaomoreno
Member

This might not be a dupe after all, thanks @iamzhout!

@joaomoreno joaomoreno reopened this Nov 20, 2015
@iamzhout

@joaomoreno Welcome, hope this issue could be fixed soon :-) otherwise many corporate users may not be able to install extensions and make full use of vscode.

@RobertoMD

Same issue here, but with a corporate proxy and authentication (no certificate). I get a getaddrinfo ENOTFOUND marketplace.visualstudio.com vmarketplace.visualstudio.com:443 (although I'm able to check & install upgrades with http_proxy and https_proxy env variables).

@timothymschier

Same issue here, with a similar error to @RobertoMD:

getaddrinfo EAI_AGAIN marketplace.visualstudio.com:443

Have set http.proxy and https.proxy settings values. VS Code updates work fine; only Extensions Marketplace seems broken.

@ericherdzik-zz

+1

@joaomoreno
Member

eaa5bcf introduces a new configuration setting, http.proxyStrictSSL, which when set to false will make the request bypass certificate chain validation.

@simonech

simonech commented Dec 8, 2015

Will this be in Dec 2015 milestone?

@joaomoreno
Member

Yes it will.

@garystorey

How do I enable this setting? Currently running v0.10.3. I have tried adding it to the User Settings (as well as "http.proxy") and am still getting the same error.

Oh, just re-read; looks like this is in the end-of-December release.

@iamzhout

iamzhout commented Jan 5, 2016

NOK for me for 0.10.6, also reported in issue 69 thread

@iamzhout

iamzhout commented Jan 5, 2016

I have added "http.proxyStrictSSL":false in my User Settings configuration, as the picture below shows.

20160105_vscode_user_setting

@joaomoreno
Member

@iamzhout did you apply this workaround?

@iamzhout

iamzhout commented Jan 5, 2016

@joaomoreno Yes, I have applied this patch, and restarted vscode, still the same error.

20160105_vscode_main_js

@joaomoreno
Member

Can you somehow show me how I can reproduce your case? Eg: how to set up an untrusted proxy?

@iamzhout

iamzhout commented Jan 5, 2016

@joaomoreno hmm, I think this should be something like SSLStrip, replacing the HTTPS cert of the original website with a private one, like this tool shows, though I haven't tried this myself.

Anyway, the strict-ssl=false setting for Atom does work well, so I suggest referring to the Atom project to see if we can find some clue.

@joaomoreno
Member

Atom's implementation is similar to ours.

I've just spent one hour trying to set up this scenario on my dev machine and yielded no significant results. I would love if someone can provide me an environment in which I can reproduce this and fix it myself. Maybe some of you guys have proxies which I can use?

Maybe you'd like to tackle this @iamzhout, since you seem to be able to reproduce this effortlessly?

@joaomoreno joaomoreno reopened this Jan 5, 2016
@joaomoreno joaomoreno added the help wanted Issues identified as good community contribution opportunities label Jan 5, 2016
@joaomoreno joaomoreno added this to the Backlog milestone Jan 5, 2016
@iamzhout

iamzhout commented Jan 5, 2016

@joaomoreno there is of course no way to give my company proxy to you, as you cannot access it.
I considered this problem for a while, and maybe there are some ways we can try:

  1. Tell me if there is a way to get more detailed debug info, so I can collect more info for your analysis.
  2. If it will not be too much trouble, would you like to try this wallproxy, as it does HTTPS cert replacement and may reproduce this error? You can refer to this tutorial on how to set up a wallproxy server/client. (You can use Google Translate to translate this tutorial from Chinese to English.)

If there is anything I can do to help, please just tell me.

/Tao

@joaomoreno
Member

Ok, I think I got it. I was able to get the same untrusted error using the Charles proxy software.

I was then finally able to figure out why the setting was being ignored. Pushed a fix.

Can I ask you to test this out? I've uploaded a build with the fix in. Please close any Code instances, extract it and run the Code.exe within it. Let me know how it goes.

@bleggett

bleggett commented Jan 8, 2016

Still get the "unable to verify the first certificate" error with the new build. I've never gotten the error about the cert being self-signed.

Can I enable logging or get some kind of debug output for you? That might help.

As an aside, I actually get a similar issue (unable to verify first certificate) when I try to run a locally compiled vscode from the source tree, right when code.bat bootstraps electron.

EDIT:

Looking at

```ts
export function getProxyAgent(rawRequestURL: string, options: IOptions = {}): any {
    if (!options.proxyUrl) {
        return getSystemProxyAgent(rawRequestURL);
    }

    return getAgent(rawRequestURL, options.proxyUrl, options.strictSSL);
}
```

in proxy.ts - is the strictSSL flag ignored if a proxy URL isn't set? That would explain why just setting http.proxyStrictSSL doesn't work for me, since I don't supply a proxy URL via http.proxy (and I don't do that with either Atom or node/npm to get them working either, I just disable the appropriate strict ssl setting)

@iamzhout

@joaomoreno Your fix build just works for me, now extensions could be installed successfully, thanks for your great work!

@joaomoreno
Member

@iamzhout Awesome, many thanks for the confirmation!

@bleggett You're absolutely right, I didn't realise these options could be used independently. I assume you set your proxy address via the HTTP_PROXY and HTTPS_PROXY environment variables? Give this build a try and let me know if it solves the issue for you.

@bleggett

@joaomoreno That build doesn't work either, sadly.

No, those variables are not set on my box. Since I'm in a corporate setting I have an IT department that apparently doesn't expect me to have to know the proxy URL because they route all traffic through it, so with other node-based stuff I've not had to set a proxy http/https URL to get things working, I've just disabled strict SSL.

I assume the reason this has worked with other node-based stuff is because strictSSL = false has been treated as a global flag that disables strict cert checking regardless of the other proxy settings.

@FloMaetschke

@joaomoreno I have set http.proxy, https.proxy and http.proxyStrictSSL = false,

I want to install extensions:
CTRL + P: enter: > inst .. wait a moment, select "Extensions: Install Extensions".

With the latest December release: I get a blue loading bar, and after a few seconds it says:
"ERROR Unable to verify the first certificate"

With your first build you posted here:
#155 (comment)

I just get an endless loading bar and nothing happens.

With your second build you posted here:
#155 (comment)

Just nothing happens; it instantly closes the prompt without any result.

Any idea?

UPDATE:

I have had a look into the developer console.
With both of your builds, VS Code tries to load the extensions stuff. But our enterprise proxy returns a

Access Denied (authentication_failed)

Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified.

This is typically caused by an incorrect username and/or password.

My settings.json looks like this:

```json
// Place your settings in this file to overwrite default and user settings.
{
    //-------- HTTP configuration --------

    // The proxy setting to use. If not set will be taken from the http_proxy and https_proxy environment variables
    "http.proxy": "http://myusername:mypassword@123.123.123.123:8080",
    "https.proxy": "http://myusername:mypassword@123.123.123.123:8080",

    // Whether the proxy server certificate should be verified against the list of supplied CAs.
    "http.proxyStrictSSL": false
}
```

The thing is, I am actually using the same source of the http.proxy value in my git, npm and bower proxy config. I also set this up for HTTP_PROXY and HTTPS_PROXY. That's where I copy/pasted it from. And well, it just works fine there.
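
An added example, not part of the original thread and not VS Code code: a small audit of a settings.json like the one quoted above. It reports when `http.proxyStrictSSL` turns certificate chain validation off and when `http.proxy` carries a username and password in the URL. The function names and the sample input are constructed for illustration.

```typescript
// Added example, not VS Code code; function names are hypothetical.
interface Finding { key: string; issue: string; }
// Strip // comments and trailing commas without touching string contents.
function stripJsonc(text: string): string {
  let out = '';
  let inString = false;
  let pendingComma = false;
  for (let i = 0; i < text.length; i++) {
    const c = text.charAt(i);
    if (inString) {
      out += c;
      if (c === '\\') { out += text.charAt(++i); }  // keep the escaped char
      else if (c === '"') { inString = false; }
    } else if (c === '/' && text.charAt(i + 1) === '/') {
      while (i + 1 < text.length && text.charAt(i + 1) !== '\n') { i++; }
    } else if (c === ',') {
      pendingComma = true;  // emit only if another value follows
    } else {
      if (pendingComma && !/\s/.test(c)) {
        if (c !== '}' && c !== ']') { out += ','; }
        pendingComma = false;
      }
      if (c === '"') { inString = true; }
      out += c;
    }
  }
  return out;
}

function auditProxySettings(text: string): Finding[] {
  const settings = JSON.parse(stripJsonc(text)) as Record<string, unknown>;
  const findings: Finding[] = [];
  if (settings['http.proxyStrictSSL'] === false) {
    findings.push({ key: 'http.proxyStrictSSL', issue: 'certificate chain validation is bypassed' });
  }
  const proxy = settings['http.proxy'];
  // user:password@ in the URL is a plaintext secret stored in the file.
  if (typeof proxy === 'string' && /^[a-z]+:\/\/[^\/@\s]*:[^\/@\s]*@/i.test(proxy)) {
    findings.push({ key: 'http.proxy', issue: 'credentials embedded in proxy URL' });
  }
  return findings;
}

// Constructed sample input modelled on the settings file quoted above.
const SAMPLE_SETTINGS = `{
  // The proxy setting to use.
  "http.proxy": "http://user:secret@proxy.example:8080",
  "http.proxyStrictSSL": false,
}`;
```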

joaomoreno added a commit that referenced this issue Jan 12, 2016
@joaomoreno
Member

@bleggett Thanks for the explanation. Sorry for all the ping-pong with the builds and all, but I just can't seem to reproduce your scenario, so we'll have to try to catch it this way.

I've noticed that we can also set rejectUnauthorized to false when making a non-proxied HTTPS request. Here's a new build that does that, do you mind giving it a try? Don't forget to set http.proxyStrictSSL to false.
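
A model of the behaviour @bleggett pointed out in the proxy.ts excerpt and of the change described in this comment, added here as an illustration and not taken from the VS Code source. Only `proxyUrl`, `strictSSL` and `rejectUnauthorized` come from the thread; the other names and the scenarios are constructed, and the body of `getSystemProxyAgent` (not shown on the page) is assumed to validate certificates by default.

```typescript
// Added model of the control flow discussed above; not VS Code source.
interface IOptions { proxyUrl?: string; strictSSL?: boolean; }
interface Plan { route: string; rejectUnauthorized: boolean; }

// Shape of the quoted excerpt: strictSSL is read only on the explicit-proxy
// path. Assumption: the system path validates certificates by default.
function planBefore(o: IOptions): Plan {
  if (!o.proxyUrl) { return { route: 'system', rejectUnauthorized: true }; }
  return { route: o.proxyUrl, rejectUnauthorized: o.strictSSL !== false };
}

// After the change described in the thread: the flag applies on both paths,
// and validation stays on unless strictSSL is explicitly false.
function planAfter(o: IOptions): Plan {
  return { route: o.proxyUrl || 'system', rejectUnauthorized: o.strictSSL !== false };
}

// Constructed scenarios mirroring the reporters' setups.
const SCENARIOS: { name: string; options: IOptions }[] = [
  { name: 'explicit http.proxy, strictSSL false',
    options: { proxyUrl: 'http://proxy.example:8080', strictSSL: false } },
  { name: 'transparent proxy, strictSSL false', options: { strictSSL: false } },
  { name: 'defaults', options: {} },
];

// Scenarios where the user turned validation off but it still runs, which
// is what surfaces as "unable to verify the first certificate".
function ignoredSetting(plan: (o: IOptions) => Plan): string[] {
  return SCENARIOS
    .filter(s => s.options.strictSSL === false && plan(s.options).rejectUnauthorized)
    .map(s => s.name);
}
```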

@joaomoreno
Member

@FloMaetschke moved your issue to #1942

@bleggett

@joaomoreno No problem at all, willing to test whatever you need, thanks for sticking with this.

The new build finally shows me the list of extensions to install, so that part works now. Trying to install or click on one of them gives me the same "unable to verify first cert" error I had before.

So whatever you did is an improvement, it just doesn't seem to be applied to package downloads/install.

@aldanor

aldanor commented Jan 12, 2016

Interesting: I get this:

getaddrinfo ENOTFOUND 10.170.129.90:8080 10.170.129.90:8080:8080

but only when actually trying to install the extension (browsing the list works just fine).

I've set http.proxy to http://10.170.129.90:8080, http.proxyStrictSSL to false and fixed http.proxy.StrictSSL typo as recommended above, with no success though -- this error message always shows up. Any ideas on how to fix that?

@joaomoreno
Member

@aldanor This seems to be the issue reported when the bug was reopened. Please give this build a try. Let me know if you still get the issue.

@joaomoreno
Member

@bleggett Excellent. Try this one now.

@jchadwick
Contributor

This worked for me. Thanks!

@bleggett

@joaomoreno Woot, thanks, that works fine.

@joaomoreno
Member

🎆 Fix will be out with the next release of VS Code.

Many thanks to all that put up with this ping-pong! 🍻

@iccfish

iccfish commented Jan 21, 2016

@joaomoreno I'm now hitting the same proxy problem, and have read all posts. But the build you mentioned above can't be downloaded; it says 'AuthenticationFailed'. Could you please provide a new package?

@joaomoreno
Member

Here you go.

@iccfish

iccfish commented Jan 21, 2016

Got it. Thanks! 👍

@nadeem-aslam

Same issue, can I have the build that works?

@joaomoreno
Member

@nadeem-aslam This is already fixed in 0.10.8.

@nadeem-aslam

Updated and works great!

@Healforgreen

For anyone new who doesn't want to sift through all the posts: in 0.10.11, this works:

Set "http.proxyStrictSSL": false in user settings in order to install extensions.

Motion to close.

@joaomoreno
Member

Motion granted.

@microsoft microsoft locked and limited conversation to collaborators Mar 17, 2016
@joaomoreno joaomoreno added the verified Verification succeeded label Apr 29, 2016